TN001 - Software Update Manager
This technical note describes the background of the Software Update Manager, which is part of QuantumSTEP.
This description is not up to date.
This site, www.quantum-step.com, hosts a server for downloadable files. The QuantumSTEP client asks the server which software it has recently added. The server keeps a database of all software it can provide, recording for each package what it needs to have installed (if anything) and what must not be installed. The server looks up this database and tells the client about the available packages. The response includes a unique MD5 key describing the file reference. The client then initiates the download by using this key.
Security
The client and the server have certain expectations:
Client Security
The client wants to keep secret
1. who he/she is,
2. which hardware is in use,
3. which software is really/already installed, and
4. credit card numbers,
and also
5. wants to be able to refresh what he/she has already paid for, and
6. wants to be sure that the server is authentic.
Numbers 1-3 are solved by sending a list of all available software to the client; the client decides which software fits its current installation, and only this software is requested from the server.
Number 4 is solved by using https for the download and passing the parameters by the POST method (so they are not included in the link).
Number 5 is solved by sending back an authorization code that the client has to note and can reuse.
Number 6 is solved by challenging the server with the encryption of a random number. This can only be correctly decrypted if the server knows the correct decryption key for the encryption key built into the client. So even reverse engineering the client does not help.
Server Security
- The server does not want to reveal any files the client has not been authorized for, e.g. by payment.
- Passing the authorization key to somebody else should not be possible.
This is solved by requesting the MAC-id of the machine that is initiating the download and including it in the authorization code, so the download is tied to a single machine.
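One way to build the machine-bound authorization code described above, as an added example that is not QuantumSTEP's own code. The page does not specify the code's format, so the HMAC-SHA256 construction, the function names and the sample values are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that exists only on the server (hypothetical name).
SERVER_SECRET = secrets.token_bytes(32)

# Constructed sample values, not taken from the QuantumSTEP server.
SAMPLE_FILE_KEY = hashlib.md5(b"constructed-package-1.0").hexdigest()
BUYER_MAC = "00:11:22:33:44:55"
OTHER_MAC = "66:77:88:99:aa:bb"


def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC-id so 00-11-22... and 00:11:22... compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("MAC-id must contain 12 hex digits")
    return digits


def issue_authorization(file_key: str, mac: str,
                        secret: bytes = SERVER_SECRET) -> str:
    """Return a code that is valid for one file on one machine only."""
    # The MD5 file key and the normalized MAC-id are both plain hex,
    # so the '|' separator cannot appear inside either field.
    msg = f"{file_key}|{normalize_mac(mac)}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def check_authorization(code: str, file_key: str, mac: str,
                        secret: bytes = SERVER_SECRET) -> bool:
    """Recompute the code for the requesting machine; compare in constant time."""
    try:
        expected = issue_authorization(file_key, mac, secret)
    except ValueError:
        return False  # malformed MAC-id: refuse the download
    return hmac.compare_digest(expected.encode(), code.encode())


if __name__ == "__main__":
    code = issue_authorization(SAMPLE_FILE_KEY, BUYER_MAC)
    print("same machine :", check_authorization(code, SAMPLE_FILE_KEY, BUYER_MAC))
    print("other machine:", check_authorization(code, SAMPLE_FILE_KEY, OTHER_MAC))
```

The client can store and reuse the code (number 5 above) because the server recomputes it on every request instead of keeping per-client state. The binding is only as strong as the MAC-id value, which the client reports itself.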
Test
Please try this link: http://www.quantum-step.com/list.php to get the list of currently available software. The Software Download manager also queries this page. You can even initiate a manual download by using the file link.